Managing Access for Organization Guest Users

Last updated
Save as PDF

You can manage network access for certain access types on the Organization > Monitor > Users page. Use the users list for bulk changes, and the Users detail page for individual access updates. This page also supports access management for other products.

Access Manager

To manage access based on user attributes and configured rule sets, integrate with Access Manager.

Access Types

Organization Users can be authorized for access to network zones. Currently, administrators can manage the following types of access:

For Guest Users:

Splash with MerakiAuth
Client VPN (Meraki-hosted users only)

For 802.1X Users, see additional documentation.

Switch Access Policies
Enterprise Splash with Meraki Auth
Enterprise Meraki Auth

Configuring Guest User Access

Currently, administrators can manage the following types of access for Guest user accounts:

Account Type	Zone	Configuration	Authentication Type
Guest	Wireless SSID	Splash	Meraki Auth
Guest	Client VPN	L2TP	Meraki Auth

Splash Access via Meraki Auth

This access type does not include 802.1x login configurations.

Manage access (bulk)

To authorize access for multiple users:

1. Navigate to Organization > Monitor > Users, and select the target users by enabling the checkbox next to each user.

2. Click Edit Access on the action menu

3. Select Splash

4. In the Edit Access drawer, select the target networks and SSIDs from the dropdowns of available access zones.

5. Set a duration for the access

“Does not expire” gives access with an indefinite end date
“Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date)
“Do not authorize” will remove existing access for the given network and SSID

Grant access (single user)

To authorize access for a single user:

1. Navigate to Organization > Monitor > Users, and click the target user.

2. On the user details page, navigate to the Access section.

3. Click the Add dropdown and select Splash Access.

4. In the Add Access drawer, select the networks and SSIDs where Splash access should be granted.

5. Set a duration for the access

“Does not expire” gives access with an indefinite end date
“Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date)
“Do not authorize” will remove existing access for the given network and SSID

Edit access time period (single user)

To edit the expiration criteria for Splash access for a single user:

1. Navigate to Organization > Monitor > Users, and click the target user.

2. On the user details page, navigate to the Access section.

3. Select the currently assigned Wireless Splash access types from the list

4. Click the Edit dropdown and select “Change access time period”

5. Set a duration for the access

“Does not expire” gives access with an indefinite end date
“Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date)
“Do not authorize” will remove existing access for the given network and SSID

Revoke access (single user)

To revoke Wireless Splash access for a single user:

1. Navigate to the Organization > Monitor > Users page and click the target user.

2. On the user details page, navigate to the Access section

3. Select the target authorizations in the list to remove by enabling the checkmark next to each option.

3. Click the Edit dropdown and select Revoke Access.

Client VPN Access

This configuration supports access for Client VPN over L2TP.

Manage access (bulk)

To authorize access for multiple users:

1. Navigate to Organization > Monitor > Users and enable the checkbox next to the target user(s).

2. Click Edit Access on the action menu

3. Select Client VPN

4. In the Edit Access drawer, select the target networks from the available access zones.

5. Set a duration for the access

“Does not expire” gives access with an indefinite end date
“Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date)
“Do not authorize” will remove existing access for the given network

Grant access (single user)

To authorize access for a single user:

1. Navigate to Organization > Monitor > Users and click the target user.

2. On the user details page, navigate to the Access section.

3. Click the Add dropdown and select Client VPN Access.

4. In the Add Client VPN Authorization drawer, select the target zones where the user should be authorized.

5. Set a duration for the access

“Does not expire” gives access with an indefinite end date
“Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date)

Edit access (bulk)

To edit the network scope or the access period for Client VPN access for multiple users:

1. Navigate to the Organization > Monitor > Users page.

2. Select the target users from the list by checking the box next to each user with access you want to edit.

3. Click Edit Access and select Client VPN to make changes.

4. In the Edit Client VPN(s) Access drawer, change the networks or access period, and click Save.

Edit access time (single user)

To edit the expiration criteria for Client VPN access for a single user:

1. Navigate to the Organization > Monitor > Users page and click the target user.

2. In the Access section, select the desired authorizations from the list by checking the box next to each option you want to edit.

3. Click the Edit dropdown to make changes and select Change access time period.

4. In the Change access time period popup, change the authorization access period, and click Save.

Revoke access (single user)

To revoke Client VPN access for a single user:

1. Navigate to Organization > Monitor > Users and click the target user.

2. On the user details page, navigate to the Access section, and enable the checkmark next to each target access.

3. Click the Edit dropdown and click Revoke Access.

4. Click Revoke Access in the confirmation modal.